Updated 2/27/12: It seems it didn't take the bad guys long to find a way around Google's 'Bouncer' security scanner for the Android Market. Rather than uploading malware to the Android Market, security firm Sophos has discovered new malware that spreads via the Facebook app.

Security researcher Vanja Svajcer explains how it works:

A few days ago I received a Facebook friend request and, as is usual, used my Android smartphone to check out the details of the person before I decided whether I wanted to become "friends" or not.

As the following video demonstrates, a link on the user's Facebook profile redirected my browser to a webpage that downloaded malware automatically onto my Android phone.

The malware package is called any_name.apk and is yet another dialer that calls premium rate numbers without the handset owner's consent. This is a popular trick used by those writing malware for mobile devices because it's an easy way to siphon money from the victim to the bad guys.

Image credit: Sophos

Sophos detect the rogue application as Andr/Opfake-C.

Updated editor's note: Although the download is initiated automatically, a Google spokesperson noted that the malware app will not be installed unless the user initiates that install action.

Adrian Kingsley-Hughes is an internationally published technology author who has devoted over a decade to helping users get the most from technology -- whether that be by learning to program, building a PC from a pile of parts, or helping them get the most from their new MP3 player or digital camera.Adrian has authored/co-authored technic...
Full Bio

Disclosure

All opinions expressed on Hardware 2.0 are those of Adrian Kingsley-Hughes. Every effort is made to ensure that the information posted is accurate. If you have any comments, queries or corrections, please contact Adrian via the email link here. Any possible conflicts of interest will be posted below. [Updated: February 23, 2010] - Adrian Kingsley-Hughes has no business relationships, affiliations, investments, or other actual/potential conflicts of interest relating to the content posted so far on this blog.